Showing 1 - 1 of 1

CVE-2023-28485

Status Candidate

Overview

A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads.

Related Files

Wekan 6.74 Cross Site Scripting: Posted May 30, 2023; Authored by Heiner Liesegang | Site sec-consult.com; Wekan versions 6.74 and below suffer from a persistent cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2023-28485; SHA-256 | 5f6a618a585ca68e8d37984d4e6630f7467ca93dcc564f837032ebe7f0466fa4; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 286 files
Ubuntu 65 files
Debian 25 files
Gentoo 16 files
LiquidWorm 10 files
nu11secur1ty 6 files
Milad Karimi 4 files
Google Security Research 3 files
Adam Gowdiak 3 files
kai6u 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,028)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,483)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,509)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,710)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,395)
UnixWare (187)
Windows (6,653)
Other

CVE-2023-28485

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems